The future of our fdroid-compatible app repository

Guardian Project has been running its own fdroid-compatible app repository since 2012. Up until now, we worked to ensure that our repository had the same standards of free software as the official F-Droid repository. Therefore, the Guardian Project repository was included in the official F-Droid client app by default. A lot has changed since then, for the better. F-Droid has long since stopped shipping pre-built binaries from any provider. Back in the day, F-Droid shipped some binaries, like Mozilla’s Firefox APKs, and allowed some non-free libraries in apps. [Read More]

New Data Sources: API Key Identifiers and BroadcastReceiver Declarations

A central focus of the Tracking the Trackers project has been to find simple ways to detect whether a given Android APK app file contains code which tracks the user. The ideal scenario is a simple program that can scan the APK and tell a non-technical user whether it contains trackers, but as decades of experience with anti-virus and malware scanners have clearly demonstrated, scanners will always contain a large degree of approximation and guesswork. [Read More]

εxodus ETIP: The Canonical Database for Tracking Trackers

There is a new story to add to the list of horrors of Surveillance Capitalism: the United States’ Military is purchasing tracking and location data from companies that track many millions of people. We believe the best solution starts with making people aware of the problem, with tools like Exodus Privacy. Then they must have real options for stepping out of “big tech”, where tracking dominates. F-Droid provides Android apps that are reviewed for tracking and other “anti-features”, and F-Droid is built into mobile platforms like CalyxOS that are free of proprietary, big tech software. [Read More]

Distribution in Depth: Mirrors as a Source of Resiliency

There are many ways to get the apps and media, even when the Internet is expensive, slow, blocked, or even completely unavailable. Censorshop circumvention tools from ShadowSocks to Pluggable Transports can evade blocks. Sneakernets and nearby connections work without any network connection. Hosting on Content Delivery Networks (CDNs) can make hosting drastically cheaper and faster. One method that is often overlooked these days is repository mirrors. Distribution setups that support mirrors give users the flexibility to find a huge array of solutions for problems when things are not just working. [Read More]

Managing offline maps with F-Droid and OsmAnd

When disaster strikes, our mobile devices can provide us with many tools to deal with a wide variety of problems. The internet is not available in every corner of the planet, and large scale outages happen. Digital maps allow us to carry detailed maps of the entire planet in our pockets. And the good map apps allow the user to download entire regions to the device so that they operate without internet at all. [Read More]

Tracking the Trackers: using machine learning to aid ethical decisions

F-Droid is a free software community app store that has been working since 2010 to make all forms of tracking and advertising visible to users. It has become the trusted name for privacy in Android, and app developers who sell based on privacy make the extra effort to get their apps included in the F-Droid.org collection. These include Nextcloud, Tor Browser, TAZ.de, and Tutanota. Auditing apps for tracking is labor intensive and error prone, yet ever more in demand. [Read More]

Trusted Update Channels vs. Scratching Your Itch

One of the great things about free software is that people can easily take a functional program or library and customize it as they see fit. Anyone can come along, submit bug fixes or improvements, and they can be easily shared across many people, projects, and organizations. With distribution systems like Python’s pypi, there is an update channel that the trusted maintainers can publish fixes so consumers of the library can easily get updates. [Read More]

PanicKit 1.0: built-in panic button and full app wipes

Panic Kit is 1.0! After over three years of use, it is time to call this stable and ready for widespread use. Built-in panic button This round of work includes a new prototype for embedding PanicKit directly into Android. Android 9.0 Pie introduced a new “lockdown” mode which follows some of the patterns laid out by PanicKit. [Read More]

Wind is a Mozilla & National Science Foundation Grand Prize Winner

On August 14th, members of the Guardian Project team traveled to Mountain View to compete in the final round of the Wireless Innovation for a Networked Society (WINS) Challenge. We learned in July that our Wind project was a finalist, and we now had the opportunity to compete for one of the grand prizes, in a TED-meets-SharkTank style event, at Mozilla HQ. Wind is a network designed for opportunistic communication and sharing of local knowledge that provides off-grid services for everyday people, using the mobile devices they already have. [Read More]

Building a Signing Server

The Android APK signing model sets the expectation that the signing key will be the same for the entire lifetime of the app. That can be seen in the recommended lifetype of an Android signing key: 20+ years. On top of that, it is difficult to migrate an app to a new key. Since the signing key is an essential part to preventing APKs from impersonating another, Android signing keys must be kept safe for the entire life of the app. [Read More]

Repomaker Usability Trainers Worldwide, June 2017

Repomaker Usability, Trainers Worldwide Study Prepared by Carrie Winfrey and Tiffany Robertson, Okthanks, in partnership with F-Droid and Guardian Project OK Thanks – Guardian Project For more information, contact carrie@okthanks.com. Purpose The purpose of this study was to understand the following things. Are users able to complete basic tasks including, creating a repo, adding apps from other repos, removing apps, editing app details, and creating a second repo? [Read More]

Tracking usage without tracking people

One thing that has become very clear over the past years is that there is a lot of value in data about people. Of course, the most well known examples these days are advertising and spy agencies, but tracking data is useful for many more things. For example, when trying to build software that is intuitive and easy to use, having real data about how people are using the software can make a massive difference when developers and designers are working on improving their software. [Read More]

fdroidserver UX Testing Report

We ran user tests of fdroidserver, the tools for developers to create and manage F-Droid repositories of apps and media. This test was set up to gather usability feedback about the tools themselves and the related documentation. These tests were put together and run by Seamus Tuohy/Prudent Innovation. Methodology Participants completed a pretest demographic/background information questionnaire. The facilitator then explained that the amount of time taken to complete the test task will be measured and that exploratory behavior within the app should take place after the tasks are completed. [Read More]

Announcing new libraries: F-Droid Update Channels

In many places in the world, it is very common to find Android apps via a multitude of sources: third party app stores, Bluetooth transfers, swapping SD cards, or directly downloaded from websites. As developers, we want to make sure that our users get secure and timely update no matter how they got our apps. We still recommend that people get apps from trusted sources like F-Droid or Google Play. [Read More]

New research report on the challenges developers face

The Guardian Project has been working with the F-Droid community to make it a secure, streamlined, and verifiable app distribution channel for high-risk environments. While doing this we have started to become more aware of the challenges and risks facing software developers who build software in closed and closing spaces around the world. There are a wealth of resources available on how to support and collaborate with high-risk users. [Read More]

F-Droid User Testing, Round 2

#by Hailey Still and Carrie Winfrey **** Here we outline the User Testing process and plan for the F-Droid app store for Android. The key aims of F-Droid are to provide users with a) a comprehensive catalogue of open-source apps, as well as b) provide users with the the ability to transfer any app from their phone to someone in close physical proximity. With this User Test, we are hoping to gain insights into where the product design is successful and what aspects need to be further improved. [Read More]

F-Droid: A new UX 6 years in the making

_(post by Peter Serwylo)_ F-Droid has been a part of the Android ecosystem for over 6 years now. Since then, over 2000 apps have been built for the main repository, many great features have been added, the client has been translated into over 40 different languages, and much more. However, the F-Droid UX has never changed much from the original three tab layout: This will change with the coming release of F-Droid client v0. [Read More]

F-Droid Lubbock Report – What We Want to Know

F-Droid LBK Usability Study Report – What We Want to Know Prepared by Carrie Winfrey Preliminary Version – April 17, 2017 Introduction When planning this user test, the team outlined features and flows within the app on which we wanted feedback. From there, we created tasks for participants to complete that would access these areas, and produce insights related to our inquires. This document is organized by the tasks participants completed. [Read More]

F-Droid now supports APK Expansion Files aka OBB

Many games, mapping, and other apps require a large amount of data to work. The APK file of an Android app is limited to 100MB in size, yet it is common for a single country map file to be well over 100MB. Also, in order to get users running as quickly as possible, they should not have to wait for huge amounts of data to download in order to just start the app for the first time. [Read More]

Build Your Own App Store: Android Media Distribution for Everyone

Most people get their Android apps from Google Play. It is usually the simplest and most secure option for them. But there are also many people who do not have access to Google Play. This might be due to lack of a proper internet connection or simply because Google Play is blocked within their country. The F-Droid project already offers tools to create independent app distribution channels for Android apps. [Read More]